keycloak-aplcache

KEYCLOAK-8414 use the clientId when the ClientScopeModel

11/16/2018 11:58:55 PM

Details

diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java b/server-spi-private/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
index c402573..2846917 100755
--- a/server-spi-private/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
+++ b/server-spi-private/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
@@ -570,7 +570,14 @@ public final class KeycloakModelUtils {
                 return clientScope;
             }
         }
-
+        // check if we are referencing a client instead of a scope
+        if (realm.getClients() != null) {
+            for (ClientModel client : realm.getClients()) {
+                if (clientScopeName.equals(client.getClientId())) {
+                    return client;
+                }
+            }
+        }
         return null;
     }
 
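Review bot: The new fallback iterates over `realm.getClients()` to match a single clientId, so every name that is not a client scope costs a scan of the realm's whole client list. `RealmModel` has a direct lookup, and the loop can be replaced with `ClientModel client = realm.getClientByClientId(clientScopeName);` followed by `if (client != null) return client;`. The existing comment should also say that client-scope names are tried first and therefore win over a clientId with the same value. The enclosing method begins above the hunk, so its name and any null handling for `clientScopeName` are not visible here.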
diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java b/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
index 9f91721..8294f37 100755
--- a/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
+++ b/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
@@ -660,7 +660,11 @@ public class ModelToRepresentation {
 
         List<String> grantedClientScopes = new LinkedList<>();
         for (ClientScopeModel clientScope : model.getGrantedClientScopes()) {
-            grantedClientScopes.add(clientScope.getName());
+            if (clientScope instanceof ClientModel) {
+                grantedClientScopes.add(((ClientModel) clientScope).getClientId());
+            } else {
+                grantedClientScopes.add(clientScope.getName());
+            }
         }
 
         UserConsentRepresentation consentRep = new UserConsentRepresentation();
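Review bot: From the `instanceof ClientModel` branch on, the exported `grantedClientScopes` list mixes client-scope names and clientIds in one namespace, with nothing to tell the two apart. The lookup changed in KeycloakModelUtils.java tries scope names before clientIds, so a consent granted to a client whose clientId equals a client-scope name would presumably be re-imported as a grant of that scope, which changes what the user consented to. If such collisions are not ruled out elsewhere, document it at this branch, for example `// clientId shares a namespace with client scope names; on import a scope with the same name takes precedence`. The loop belongs to a method that starts and ends outside the hunk.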
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/exportimport/ExportImportUtil.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/exportimport/ExportImportUtil.java
index e8ae1b7..eb27600 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/exportimport/ExportImportUtil.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/exportimport/ExportImportUtil.java
@@ -59,6 +59,7 @@ import org.keycloak.testsuite.client.KeycloakTestingClient;
 import org.keycloak.testsuite.util.RealmRepUtil;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.LinkedList;
@@ -368,7 +369,7 @@ public class ExportImportUtil {
 
         Map<String, Object> appAdminConsent = findConsentByClientId(consents, application.getClientId());
         Assert.assertNotNull(appAdminConsent);
-        Assert.assertTrue(isClientScopeGranted(appAdminConsent, OAuth2Constants.OFFLINE_ACCESS));
+        Assert.assertTrue(isClientScopeGranted(appAdminConsent, OAuth2Constants.OFFLINE_ACCESS, "roles", "profile", "email", "account", "web-origins"));
 
         Map<String, Object> otherAppAdminConsent = findConsentByClientId(consents, otherApp.getClientId());//admin.getConsentByClient(otherApp.getId());
         Assert.assertFalse(isClientScopeGranted(otherAppAdminConsent, OAuth2Constants.OFFLINE_ACCESS));
@@ -392,9 +393,9 @@ public class ExportImportUtil {
     }
 
 
-    private static boolean isClientScopeGranted(Map<String, Object> consent, String clientScopeName) {
+    private static boolean isClientScopeGranted(Map<String, Object> consent, String... clientScopeNames) {
         if (consent.get("grantedClientScopes") == null) return false;
-        return ((List)consent.get("grantedClientScopes")).contains(clientScopeName);
+        return ((List)consent.get("grantedClientScopes")).containsAll(Arrays.asList(clientScopeNames));
     }
 
 
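Review bot: `isClientScopeGranted` now means "every one of these scopes is granted", but neither the name nor a comment says so. With several names, `Assert.assertFalse(isClientScopeGranted(...))` passes as soon as one scope is missing, and a call with no names returns true because `containsAll` of an empty list is true. A one-line Javadoc would pin this down, e.g. `/** Returns true only if every name in clientScopeNames is present in the consent's grantedClientScopes. */`. The raw `(List)` cast can be written as `(List<?>)` to avoid the raw-type warning without changing behaviour.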
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/model/testrealm.json b/testsuite/integration-arquillian/tests/base/src/test/resources/model/testrealm.json
index 0237bf2..6babcb0 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/model/testrealm.json
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/model/testrealm.json
@@ -179,7 +179,8 @@
                     "grantedRealmRoles": [ "offline_access" ],
                     "grantedClientRoles": {
                         "Application": [ "app-admin" ]
-                    }
+                    },
+                    "grantedClientScopes" : [ "roles", "profile", "email", "account", "web-origins" ]
                 },
                 {
                     "clientId": "OtherApp",
@@ -535,6 +536,4 @@
         ]
 
     }
-
-
 }
\ No newline at end of file